Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.

How to read the report | Suppressing false positives | Getting Help: github issues

Project: psi-probe-rest

com.github.psi-probe:psi-probe-rest:5.3.1-SNAPSHOT

Scan Information (show all):

Summary

Summary of Vulnerable Dependencies (click to show all)

DependencyVulnerability IDsPackageHighest SeverityCVE CountConfidenceEvidence Count
accessors-smart-2.6.0.jarpkg:maven/net.minidev/accessors-smart@2.6.0 043
angus-activation-2.0.3.jarcpe:2.3:a:eclipse:jakarta_mail:2.0.3:*:*:*:*:*:*:*pkg:maven/org.eclipse.angus/angus-activation@2.0.3 0Low35
asm-9.7.1.jarpkg:maven/org.ow2.asm/asm@9.7.1 054
commons-logging-1.3.5.jarpkg:maven/commons-logging/commons-logging@1.3.5 0129
error_prone_annotations-2.42.0.jarpkg:maven/com.google.errorprone/error_prone_annotations@2.42.0 029
j2objc-annotations-3.1.jarpkg:maven/com.google.j2objc/j2objc-annotations@3.1 033
jakarta.activation-api-2.1.4.jarpkg:maven/jakarta.activation/jakarta.activation-api@2.1.4 045
json-path-2.9.0.jarcpe:2.3:a:json-path:jayway_jsonpath:2.9.0:*:*:*:*:*:*:*pkg:maven/com.jayway.jsonpath/json-path@2.9.0 0Highest34
json-smart-2.6.0.jarcpe:2.3:a:json-smart_project:json-smart:2.6.0:*:*:*:*:*:*:*
cpe:2.3:a:json-smart_project:json-smart-v2:2.6.0:*:*:*:*:*:*:*
pkg:maven/net.minidev/json-smart@2.6.0 0Highest51
jsr305-3.0.2.jarpkg:maven/com.google.code.findbugs/jsr305@3.0.2 017
micrometer-commons-1.14.12.jarpkg:maven/io.micrometer/micrometer-commons@1.14.12 065
micrometer-observation-1.14.12.jarpkg:maven/io.micrometer/micrometer-observation@1.14.12 065
slf4j-api-2.0.17.jarpkg:maven/org.slf4j/slf4j-api@2.0.17 029
spotbugs-annotations-4.9.8.jarpkg:maven/com.github.spotbugs/spotbugs-annotations@4.9.8 053
spring-core-6.2.12.jarcpe:2.3:a:pivotal_software:spring_framework:6.2.12:*:*:*:*:*:*:*
cpe:2.3:a:springsource:spring_framework:6.2.12:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:6.2.12:*:*:*:*:*:*:*
pkg:maven/org.springframework/spring-core@6.2.12 0Highest41
spring-hateoas-2.5.1.jarcpe:2.3:a:vmware:spring_hateoas:2.5.1:*:*:*:*:*:*:*pkg:maven/org.springframework.hateoas/spring-hateoas@2.5.1 0Highest46
spring-plugin-core-3.0.0.jarpkg:maven/org.springframework.plugin/spring-plugin-core@3.0.0 042
spring-web-6.2.12.jarcpe:2.3:a:pivotal_software:spring_framework:6.2.12:*:*:*:*:*:*:*
cpe:2.3:a:springsource:spring_framework:6.2.12:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:6.2.12:*:*:*:*:*:*:*
cpe:2.3:a:web_project:web:6.2.12:*:*:*:*:*:*:*
pkg:maven/org.springframework/spring-web@6.2.12 0Highest35

Dependencies (vulnerable)

accessors-smart-2.6.0.jar

Description:

Java reflect give poor performance on getter setter an constructor calls, accessors-smart use ASM to speed up those calls.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/net/minidev/accessors-smart/2.6.0/accessors-smart-2.6.0.jar
MD5: 0ad72639eea293193f68898da9b0b902
SHA1: 2d96f1d9b6ab7f13261aa81b15703574185747a0
SHA256:222c9f547bb20a99fc486403a398352d1306fb671b38abd7ecab6401df170e61
Referenced In Project/Scope: psi-probe-rest:compile
accessors-smart-2.6.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/net.minidev/json-smart@2.6.0

Identifiers

  • pkg:maven/net.minidev/accessors-smart@2.6.0  (Confidence:High)

angus-activation-2.0.3.jar

Description:

 Implementation

License:

http://www.eclipse.org/org/documents/edl-v10.php
File Path: /home/runner/.m2/repository/org/eclipse/angus/angus-activation/2.0.3/angus-activation-2.0.3.jar
MD5: ad20392145690b36b4f950fe31a31a2a
SHA1: 7f80607ea5014fef0b1779e6c33d63a88a45a563
SHA256:a6bd35c538cf90fff941ad6258c40c08fca0b5c9c3f536c657114f27ce0527a7
Referenced In Project/Scope: psi-probe-rest:compile
angus-activation-2.0.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.psi-probe/psi-probe-rest@5.3.1-SNAPSHOT

Identifiers

  • pkg:maven/org.eclipse.angus/angus-activation@2.0.3  (Confidence:High)
  • cpe:2.3:a:eclipse:jakarta_mail:2.0.3:*:*:*:*:*:*:*  (Confidence:Low)  

asm-9.7.1.jar

Description:

ASM, a very small and fast Java bytecode manipulation framework

License:

BSD-3-Clause: https://asm.ow2.io/license.html
File Path: /home/runner/.m2/repository/org/ow2/asm/asm/9.7.1/asm-9.7.1.jar
MD5: e2cdd32d198ad31427d298eee9d39d8d
SHA1: f0ed132a49244b042cd0e15702ab9f2ce3cc8436
SHA256:8cadd43ac5eb6d09de05faecca38b917a040bb9139c7edeb4cc81c740b713281
Referenced In Project/Scope: psi-probe-rest:compile
asm-9.7.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/net.minidev/json-smart@2.6.0

Identifiers

  • pkg:maven/org.ow2.asm/asm@9.7.1  (Confidence:High)

commons-logging-1.3.5.jar

Description:

Apache Commons Logging is a thin adapter allowing configurable bridging to other,
    well-known logging systems.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/commons-logging/commons-logging/1.3.5/commons-logging-1.3.5.jar
MD5: 9ca067b073153c86c2da350c0f2cdf70
SHA1: a3fcc5d3c29b2b03433aa2d2f2d2c1b1638924a1
SHA256:6d7a744e4027649fbb50895df9497d109f98c766a637062fe8d2eabbb3140ba4
Referenced In Project/Scope: psi-probe-rest:compile
commons-logging-1.3.5.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.psi-probe/psi-probe-rest@5.3.1-SNAPSHOT

Identifiers

  • pkg:maven/commons-logging/commons-logging@1.3.5  (Confidence:High)

error_prone_annotations-2.42.0.jar

Description:

Error Prone is a static analysis tool for Java that catches common programming mistakes at compile-time.

License:

Apache 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/com/google/errorprone/error_prone_annotations/2.42.0/error_prone_annotations-2.42.0.jar
MD5: 27a54b790cf5121be1982b585870154d
SHA1: 57a3eddaddd4f2d412e13d3bcefba29b5ebda1b6
SHA256:f282a6488838986b8033bd51888928cff6a59c1050426476553ed2622b89e510
Referenced In Project/Scope: psi-probe-rest:provided
error_prone_annotations-2.42.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.psi-probe/psi-probe-rest@5.3.1-SNAPSHOT

Identifiers

  • pkg:maven/com.google.errorprone/error_prone_annotations@2.42.0  (Confidence:High)

j2objc-annotations-3.1.jar

Description:

    A set of annotations that provide additional information to the J2ObjC
    translator to modify the result of translation.
  

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/com/google/j2objc/j2objc-annotations/3.1/j2objc-annotations-3.1.jar
MD5: abe8bd3abff622b9a8b15c3a737aa741
SHA1: a892ca9507839bbdb900d64310ac98256cab992f
SHA256:84d3a150518485f8140ea99b8a985656749629f6433c92b80c75b36aba3b099b
Referenced In Project/Scope: psi-probe-rest:provided
j2objc-annotations-3.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.psi-probe/psi-probe-rest@5.3.1-SNAPSHOT

Identifiers

  • pkg:maven/com.google.j2objc/j2objc-annotations@3.1  (Confidence:High)

jakarta.activation-api-2.1.4.jar

Description:

  Specification

License:

EDL 1.0: http://www.eclipse.org/org/documents/edl-v10.php
File Path: /home/runner/.m2/repository/jakarta/activation/jakarta.activation-api/2.1.4/jakarta.activation-api-2.1.4.jar
MD5: bc1602eee7bc61a0b86f14bbbb0cc794
SHA1: 9e5c2a0d75dde71a0bedc4dbdbe47b78a5dc50f8
SHA256:c9db52100ce6c8aac95cc39075f95720d2e561b11f8051b81c121ad4effd7004
Referenced In Project/Scope: psi-probe-rest:compile
jakarta.activation-api-2.1.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.psi-probe/psi-probe-rest@5.3.1-SNAPSHOT

Identifiers

  • pkg:maven/jakarta.activation/jakarta.activation-api@2.1.4  (Confidence:High)

json-path-2.9.0.jar

Description:

A library to query and verify JSON

License:

The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/com/jayway/jsonpath/json-path/2.9.0/json-path-2.9.0.jar
MD5: e89678d2e4ff45e4f39a97ccd0223719
SHA1: 37fe2217f577b0b68b18e62c4d17a8858ecf9b69
SHA256:11a9ee6f88bb31f1450108d1cf6441377dec84aca075eb6bb2343be157575bea
Referenced In Project/Scope: psi-probe-rest:compile
json-path-2.9.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.psi-probe/psi-probe-rest@5.3.1-SNAPSHOT

Identifiers

json-smart-2.6.0.jar

Description:

JSON (JavaScript Object Notation) is a lightweight data-interchange format. It is easy for humans to read and write. It is easy for machines to parse and generate. It is based on a subset of the JavaScript Programming Language, Standard ECMA-262 3rd Edition - December 1999. JSON is a text format that is completely language independent but uses conventions that are familiar to programmers of the C-family of languages, including C, C++, C#, Java, JavaScript, Perl, Python, and many others. These properties make JSON an ideal data-interchange language.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/net/minidev/json-smart/2.6.0/json-smart-2.6.0.jar
MD5: fde8981f31c3b972355a5adf26a9ec65
SHA1: 5f858a43a325a8673da6869ab2bc787a1bcb2244
SHA256:1ae4b561458afb540be8ec5c6dbb4f2e715a319a7ae64854998aaf924770d61b
Referenced In Project/Scope: psi-probe-rest:compile
json-smart-2.6.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.psi-probe/psi-probe-rest@5.3.1-SNAPSHOT

Identifiers

jsr305-3.0.2.jar

Description:

JSR305 Annotations for Findbugs

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.jar
MD5: dd83accb899363c32b07d7a1b2e4ce40
SHA1: 25ea2e8b0c338a877313bd4672d3fe056ea78f0d
SHA256:766ad2a0783f2687962c8ad74ceecc38a28b9f72a2d085ee438b7813e928d0c7
Referenced In Project/Scope: psi-probe-rest:provided
jsr305-3.0.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.spotbugs/spotbugs-annotations@4.9.8

Identifiers

  • pkg:maven/com.google.code.findbugs/jsr305@3.0.2  (Confidence:High)

micrometer-commons-1.14.12.jar

Description:

Module containing common code

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/io/micrometer/micrometer-commons/1.14.12/micrometer-commons-1.14.12.jar
MD5: 73d02817a01558776dbc5a43b1774add
SHA1: 86459b0c760a1ab5fc17da330203f25ba36f642b
SHA256:83408660d54149650da3658fa65b055158115ac91c900b3812022e1a24a35483
Referenced In Project/Scope: psi-probe-rest:compile
micrometer-commons-1.14.12.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.hateoas/spring-hateoas@2.5.1

Identifiers

  • pkg:maven/io.micrometer/micrometer-commons@1.14.12  (Confidence:High)

micrometer-observation-1.14.12.jar

Description:

Module containing Observation related code

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/io/micrometer/micrometer-observation/1.14.12/micrometer-observation-1.14.12.jar
MD5: 8b63abb3fb62f7ff52f3f20f5f3c7b86
SHA1: 5e20ee1facc4414938f57d6546b3dbd94c10b642
SHA256:430be17d568533f3bb4234d1a7ab3018509967c582c2212770e81bcf933a99b8
Referenced In Project/Scope: psi-probe-rest:compile
micrometer-observation-1.14.12.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.hateoas/spring-hateoas@2.5.1

Identifiers

  • pkg:maven/io.micrometer/micrometer-observation@1.14.12  (Confidence:High)

slf4j-api-2.0.17.jar

Description:

The slf4j API

License:

https://opensource.org/license/mit
File Path: /home/runner/.m2/repository/org/slf4j/slf4j-api/2.0.17/slf4j-api-2.0.17.jar
MD5: b6480d114a23683498ac3f746f959d2f
SHA1: d9e58ac9c7779ba3bf8142aff6c830617a7fe60f
SHA256:7b751d952061954d5abfed7181c1f645d336091b679891591d63329c622eb832
Referenced In Project/Scope: psi-probe-rest:compile
slf4j-api-2.0.17.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.hateoas/spring-hateoas@2.5.1

Identifiers

  • pkg:maven/org.slf4j/slf4j-api@2.0.17  (Confidence:High)

spotbugs-annotations-4.9.8.jar

Description:

Annotations the SpotBugs tool supports

License:

GNU LESSER GENERAL PUBLIC LICENSE, Version 2.1: https://www.gnu.org/licenses/old-licenses/lgpl-2.1.en.html
File Path: /home/runner/.m2/repository/com/github/spotbugs/spotbugs-annotations/4.9.8/spotbugs-annotations-4.9.8.jar
MD5: d4c2e7bd090be697ad409a4e75684a94
SHA1: ca4a2783a6123e67124fd7feb4caccd2e2ac9a73
SHA256:6f69d6fe9c55a54dcb30e87d8fa2d5f52246af50d7a3445246d9539ef221be1c
Referenced In Project/Scope: psi-probe-rest:provided
spotbugs-annotations-4.9.8.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.psi-probe/psi-probe-rest@5.3.1-SNAPSHOT

Identifiers

  • pkg:maven/com.github.spotbugs/spotbugs-annotations@4.9.8  (Confidence:High)

spring-core-6.2.12.jar

Description:

Spring Core

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /home/runner/.m2/repository/org/springframework/spring-core/6.2.12/spring-core-6.2.12.jar
MD5: 5495c7d311d73ddaf6fdf3d198b7bab1
SHA1: 298bd954610442d54b276f911d3490372ab62117
SHA256:bddc5a5be2d94191ebcfbadc672fa4d81e6ab51e38a9eaf41d5d035cb17548d4
Referenced In Project/Scope: psi-probe-rest:compile
spring-core-6.2.12.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.hateoas/spring-hateoas@2.5.1

Identifiers

spring-hateoas-2.5.1.jar

Description:

Library to support implementing representations for
		hyper-text driven REST web services.

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /home/runner/.m2/repository/org/springframework/hateoas/spring-hateoas/2.5.1/spring-hateoas-2.5.1.jar
MD5: 2d5642542ef1527f434de00329bd02b9
SHA1: 8d01e1a635fd5be08f7c277fe3284aa7ed1568c4
SHA256:5f8c303a42253b05329cb8141b4c6d2795253adb2e51d788210f882586103f4e
Referenced In Project/Scope: psi-probe-rest:compile
spring-hateoas-2.5.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.psi-probe/psi-probe-rest@5.3.1-SNAPSHOT

Identifiers

spring-plugin-core-3.0.0.jar

Description:

Core plugin infrastructure

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /home/runner/.m2/repository/org/springframework/plugin/spring-plugin-core/3.0.0/spring-plugin-core-3.0.0.jar
MD5: d29a8f831dfe90d150ab694489f2e7c2
SHA1: d56aa02dd7272dca30aa598dc8b72e823227046a
SHA256:edf72d44b9cf1199cc783d620f5f86df82fb378521dac313540086e6c3c66ff0
Referenced In Project/Scope: psi-probe-rest:compile
spring-plugin-core-3.0.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.hateoas/spring-hateoas@2.5.1

Identifiers

  • pkg:maven/org.springframework.plugin/spring-plugin-core@3.0.0  (Confidence:High)

spring-web-6.2.12.jar

Description:

Spring Web

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /home/runner/.m2/repository/org/springframework/spring-web/6.2.12/spring-web-6.2.12.jar
MD5: 2bf493d1c575cb1b7b9cc62555fd010e
SHA1: 58bdd67728631b561a8b9cf4249a0d990bb3ef88
SHA256:caff724ebb7c423696e1d2c7690245fbbafe218695b3a4479faa668af0400e6d
Referenced In Project/Scope: psi-probe-rest:compile
spring-web-6.2.12.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.hateoas/spring-hateoas@2.5.1

Identifiers



This report contains data retrieved from the National Vulnerability Database.
This report may contain data retrieved from the CISA Known Exploited Vulnerability Catalog.
This report may contain data retrieved from the Github Advisory Database (via NPM Audit API).
This report may contain data retrieved from RetireJS.
This report may contain data retrieved from the Sonatype OSS Index.